This attack allows you to choose a specific packet for replaying (injecting). ​ The attack can obtain packets to replay from two sources. ​ The first being a live flow of packets from your wireless card. The second being from a pcap file. Standard Pcap format (Packet CAPture, associated with the libpcap library http://​www.tcpdump.org),​ is recognized by most commercial and open-source traffic capture and analysis tools. ​ Reading from a file is an often overlooked feature of aireplay-ng. ​ This allows you read packets from other capture sessions or quite often, various attacks generate pcap files for easy reuse. ​ A common use of reading ​ a file containing a packet your created with [[packetforge-ng]].

This attack allows you to choose a specific packet for replaying (injecting). ​ The attack can obtain packets to replay from two sources. ​ The first being a live flow of packets from your wireless card. The second being from a pcap file. Standard Pcap format (Packet CAPture, associated with the libpcap library http://​www.tcpdump.org),​ is recognized by most commercial and open-source traffic capture and analysis tools. ​ Reading from a file is an often overlooked feature of aireplay-ng. ​ This allows you read packets from other capture sessions or quite often, various attacks generate pcap files for easy reuse. ​ A common use of reading ​ a file containing a packet your created with [[packetforge-ng]].

-

In order to use the interactive packet replay successfully,​ it it important to understand a bit more about the wireless packet flow. You cannot simply capture and replay any packet. ​ Only certain packets can be replayed successfully. ​ Successfully means that it is accepted by the access point and causes a new inititialization vectory ​(IV) to be generated since that is the whole objective.

+

In order to use the interactive packet replay successfully,​ it it important to understand a bit more about the wireless packet flow. You cannot simply capture and replay any packet. ​ Only certain packets can be replayed successfully. ​ Successfully means that it is accepted by the access point and causes a new initialization vector ​(IV) to be generated since that is the whole objective.

To do this, we either have to select a packet which naturally will be successful or manipulate a captured packet into a natural one. We will now explore these two concepts in more detail.

To do this, we either have to select a packet which naturally will be successful or manipulate a captured packet into a natural one. We will now explore these two concepts in more detail.
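Review bot: the added (+) line still reads "it it important to understand"; it should be "it is important to understand", and that can be fixed while the line is being touched for the "initialization vector" spelling. The unchanged first paragraph of this hunk has similar slips that could go in the same revision: "This allows you read packets" is missing "to", "a packet your created" should be "a packet you created", and the sentence starting "A common use of reading a file containing" has no verb.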

Line 47:

Line 47:

==== Natural Packet Replay ====

==== Natural Packet Replay ====

-

For this example, you do not need do a fake authenticaion ​first, since the source MAC address is already associated with the access point. ​ The source MAC address is from the existing wireless client.

+

For this example, you do not need do a fake authentication ​first, since the source MAC address is already associated with the access point. ​ The source MAC address is from the existing wireless client.
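Review bot: the added (+) line still reads "you do not need do a fake authentication first", with the "to" missing. Suggest "you do not need to do a fake authentication first" so the sentence is fully corrected in this revision and not just the spelling of "authentication".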